Hi! My name is

Patrick Jfremov-Kustov

Designing, building, and monitoring security functions

About Me

SOC Analyst protecting UK critical national infrastructure at the Civil Aviation Authority, delivering L1/L2 incident response, threat hunting and automation across a hybrid cloud estate. I investigate complex attacks using a modern SOAR and SIEM stack, engineer query-based detections, and build Python-driven playbooks that cut false positives while accelerating response. My background spans AWS-focused DevSecOps (Terraform, API integrations, GitHub Actions) and offensive security practice (top 1% on TryHackMe, regular CTFs), giving me a strong engineering and adversary perspective on defence. I hold a First-Class BSc in Computer Science (University of Southampton, CPSIoTSec publication) and am CompTIA Security+ certified. Proven communicator with experience delivering security workshops to technology departments and translating complex concepts for diverse audiences. I'm driven by collaborative problem-solving, clear communication, and the opportunity to strengthen enterprise security posture.

Experience

Work Experience

  • Jan 2025 – Present
    SOC Analyst · UK Civil Aviation Authority (United Kingdom - Hybrid)
    • Joined at the launch of a new in-house Security Operations Centre supporting critical national infrastructure, rapidly adapting to new tooling and processes while delivering effective L1/L2 incident detection and response during a high-pressure go-live phase.
    • Resolved 150+ security incidents within the first three months, including clearing a backlog of nearly 150 cases during a high-volume period while managing a steady influx of new alerts, consistently meeting SLA requirements and maintaining high-quality documentation.
    • Investigated and remediated complex security incidents across hybrid environments, correlating telemetry from multiple security and logging platforms to identify root causes and confidently determine the presence or absence of compromise.
    • Conducted proactive threat hunting aligned with current attack trends, producing actionable reports and refining detection logic to reduce false positives and improve monitoring effectiveness.
    • Developed and implemented automation to enrich investigations and streamline workflows, reducing manual effort and accelerating response times through custom scripting and orchestration playbooks.
    • Supported and mentored junior analysts by reviewing investigations, sharing knowledge and tooling, and contributing to escalated cases, while communicating key findings and trends to stakeholders to drive continuous improvement.
    SOC · L1/L2 · SOAR · SIEM · Threat Hunting · Automation
  • Jun 2024 – Sep 2024
    DevSecOps Engineer (Placement) · Esure Group (United Kingdom - Remote)
    • Built AWS infrastructure using Terraform (VPCs, subnets, security groups, EC2) and worked with Wiz findings to support cloud security posture improvements.
    • Developed Python/FastAPI services and webhooks to integrate security tooling, exposing POST endpoints and CRUD APIs to support automated security workflows.
    • Supported SIEM and EDR operations (Rapid7, CrowdStrike, Mimecast), contributing to incident handling and phishing response, and assisted with security compliance and supplier assurance activities.
    • Applied and advocated DevSecOps “shift-left” practices, working with GitHub Actions CI/CD pipelines and discussing how to integrate security checks to improve feedback loops to engineering teams.
    Terraform · AWS · FastAPI · GitHub Actions · SIEM · EDR

Education

  • Nov 2022 – July 2025
    BSc (Hons) Computer Science, First Class (1:1) · University of Southampton (Southampton, United Kingdom)
    • Dissertation: "Collaborative Access Control for People with Mild Dementia" (85%); published at an ACM conference (CPSIoTSec 2025)
    • Leveraged the cyber kill chain model to analyse real-world attack scenarios and map threat actor behaviours, sharpening how I structure incident investigations and drive threat hunts.
    • Engineered Python-based Azure Functions for Cosmos DB CRUD operations and deployed Function Apps, gaining hands-on experience with cloud-native, event-driven services similar to those protected in modern CSIRT environments.
    • Explored web and cloud application attack and defence techniques (e.g. authentication flaws, injection, misconfiguration), building a strong foundation for assessing and fortifying cloud-hosted services.
    • Proved strong core engineering skills by earning top marks in object-oriented programming (Java) and UNIX/SQL, fuelling my ongoing work in Python scripting, automation, and log analysis at scale.
    Computer Science · Cybersecurity · Python · Azure
  • A-Levels · The College of Richard Collyer (United Kingdom)
    • A* Mathematics; A Computer Science; A Psychology

Leadership & Activities

  • Ongoing
    CTFs & Labs · Cybersecurity Competitions & Community
    • Ranked in the top 1% on TryHackMe, focusing on attack paths and lab environments that mirror real-world adversary techniques.
    • Regularly engage in Capture the Flag (CTF) exercises to sharpen offensive skills and better inform threat hunting and detection logic.
    • Apply a structured penetration testing workflow (reconnaissance, enumeration, exploitation, post-exploitation) across web, network and privilege-escalation labs.
    TryHackMe · CTF · Penetration Testing

Certifications & Awards

  • Certifications
    • CompTIA Security+ (2025)
    • SC-200 (in progress)
    • SecAI+ (in progress)
    • CyberFirst Futures (SCQF Level 5)
    • AWS Cloud Practitioner Course (O'Reilly)
    • SOC Analyst Pathway (LetsDefend)
    CompTIA Security+ · SC-200 · SecAI+ · AWS Cloud
  • Awards
    • The Ranstad Education ICT Award